/*
 *  ConnMan VPN daemon settings
 *
 *  Copyright (C) 2012-2013  Intel Corporation. All rights reserved.
 *  Copyright (C) 2018-2020 Jolla Ltd. All rights reserved.
 *  Contact: jussi.laakkonen@jolla.com
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>

#include <connman/log.h>

#include "vpn.h"

#define DEFAULT_INPUT_REQUEST_TIMEOUT 300 * 1000
#define PLUGIN_CONFIGDIR CONFIGDIR "/vpn-plugin"
#define VPN_GROUP "DACPrivileges"

static struct {
	unsigned int timeout_inputreq;
	char *binary_user;
	char *binary_group;
	char **binary_supplementary_groups;
	char **system_binary_users;
} connman_vpn_settings  = {
	.timeout_inputreq		= DEFAULT_INPUT_REQUEST_TIMEOUT,
	.binary_user			= NULL,
	.binary_group			= NULL,
	.binary_supplementary_groups	= NULL,
	.system_binary_users		= NULL,
};

struct vpn_plugin_data {
	char *binary_user;
	char *binary_group;
	char **binary_supplementary_groups;
};

GHashTable *plugin_hash = NULL;

bool vpn_settings_is_system_user(const char *user)
{
	struct passwd *pwd;
	struct passwd *system_pwd;
	int i;

	/*
	 * The username is not set = override should not be used. This is the
	 * case after the override is reset.
	 */
	if (!user)
		return true;

	DBG("check user \"%s\"", user);

	/*
	 * Ignore errors if no entry was found. Treat as system user to
	 * prevent using an invalid override.
	 */
	pwd = vpn_util_get_passwd(user);
	if (!pwd)
		return true;

	if (!connman_vpn_settings.system_binary_users) {
		DBG("no binary users set");

		/*
		 * Check if the user is root, or the uid equals to process
		 * effective uid.
		 */
		return !pwd->pw_uid || pwd->pw_uid == geteuid();
	}

	/* Root set as user or the effective user id */
	if (!pwd->pw_uid || pwd->pw_uid == geteuid())
		return true;

	for (i = 0; connman_vpn_settings.system_binary_users[i]; i++) {
		const char *system_user =
				connman_vpn_settings.system_binary_users[i];

		system_pwd = vpn_util_get_passwd(system_user);
		if (!system_pwd)
			continue;

		if (pwd->pw_uid == system_pwd->pw_uid)
			return true;
	}

	return false;
}

const char *vpn_settings_get_binary_user(struct vpn_plugin_data *data)
{
	if (data && data->binary_user)
		return data->binary_user;

	return connman_vpn_settings.binary_user;
}

const char *vpn_settings_get_binary_group(struct vpn_plugin_data *data)
{
	if (data && data->binary_group)
		return data->binary_group;

	return connman_vpn_settings.binary_group;
}

char **vpn_settings_get_binary_supplementary_groups(struct vpn_plugin_data *data)
{
	if (data && data->binary_supplementary_groups)
		return data->binary_supplementary_groups;

	return connman_vpn_settings.binary_supplementary_groups;
}

unsigned int __vpn_settings_get_timeout_inputreq()
{
	return connman_vpn_settings.timeout_inputreq;
}

static char *get_string(GKeyFile *config, const char *group, const char *key)
{
	char *str = g_key_file_get_string(config, group, key, NULL);
	return str ? g_strstrip(str) : NULL;
}

static char **get_string_list(GKeyFile *config, const char *group,
				const char *key)
{
	gsize len = 0;
	char **str = g_key_file_get_string_list(config, group, key, &len, NULL);

	if (str) {
		guint i = 0;

		for (i = 0; i < len ; i++) {
			str[i] = g_strstrip(str[i]);
		}
	}

	return str;
}

static void parse_config(GKeyFile *config, const char *file)
{
	const char *group = "General";
	GError *error = NULL;
	int timeout;

	if (!config)
		return;

	DBG("parsing %s", file);

	timeout = g_key_file_get_integer(config, group,
			"InputRequestTimeout", &error);
	if (!error && timeout >= 0)
		connman_vpn_settings.timeout_inputreq = timeout * 1000;

	g_clear_error(&error);

	connman_vpn_settings.binary_user = get_string(config, VPN_GROUP,
						"User");
	connman_vpn_settings.binary_group = get_string(config, VPN_GROUP,
						"Group");
	connman_vpn_settings.binary_supplementary_groups = get_string_list(
						config, VPN_GROUP,
						"SupplementaryGroups");
	connman_vpn_settings.system_binary_users = get_string_list(
						config, VPN_GROUP,
						"SystemBinaryUsers");
}

struct vpn_plugin_data *vpn_settings_get_vpn_plugin_config(const char *name)
{
	struct vpn_plugin_data *data = NULL;

	if (plugin_hash)
		data = g_hash_table_lookup(plugin_hash, name);

	return data;
}

static void vpn_plugin_data_free(gpointer data)
{
	struct vpn_plugin_data *plugin_data = (struct vpn_plugin_data*)data;

	g_free(plugin_data->binary_user);
	g_free(plugin_data->binary_group);
	g_strfreev(plugin_data->binary_supplementary_groups);

	g_free(data);
}

int vpn_settings_parse_vpn_plugin_config(const char *name)
{
	struct vpn_plugin_data *data;
	gchar *file;
	gchar *ext = ".conf";
	GKeyFile *config;
	gint err = 0;

	if (!name || !*name)
		return -EINVAL;

	if (vpn_settings_get_vpn_plugin_config(name))
		return -EALREADY;

	file = g_strconcat(PLUGIN_CONFIGDIR, "/", name, ext, NULL);

	config =  __vpn_settings_load_config(file);

	if (!config) {
		err = -ENOENT;
		DBG("Cannot load config %s for %s", file, name);
		goto out;
	}

	data = g_try_new0(struct vpn_plugin_data, 1);

	data->binary_user = get_string(config, VPN_GROUP, "User");
	data->binary_group = get_string(config, VPN_GROUP, "Group");
	data->binary_supplementary_groups = get_string_list(config, VPN_GROUP,
						"SupplementaryGroups");

	DBG("Loaded settings for %s: %s - %s",
		name, data->binary_user, data->binary_group);

	if (!plugin_hash)
		plugin_hash = g_hash_table_new_full(g_str_hash, g_str_equal,
						g_free, vpn_plugin_data_free);

	g_hash_table_replace(plugin_hash, g_strdup(name), data);

	g_key_file_unref(config);

out:
	g_free(file);
	return err;
}

void vpn_settings_delete_vpn_plugin_config(const char *name)
{
	if (plugin_hash && name)
		g_hash_table_remove(plugin_hash, name);
}

GKeyFile *__vpn_settings_load_config(const char *file)
{
	GError *err = NULL;
	GKeyFile *keyfile;

	keyfile = g_key_file_new();

	g_key_file_set_list_separator(keyfile, ',');

	if (!g_key_file_load_from_file(keyfile, file, 0, &err)) {
		if (err->code != G_FILE_ERROR_NOENT) {
			connman_error("Parsing %s failed: %s", file,
								err->message);
		}

		g_error_free(err);
		g_key_file_unref(keyfile);
		return NULL;
	}

	return keyfile;
}

int __vpn_settings_init(const char *file)
{
	GKeyFile *config;

	config = __vpn_settings_load_config(file);
	parse_config(config, file);
	if (config)
		g_key_file_unref(config);

	return 0;
}

void __vpn_settings_cleanup()
{
	g_free(connman_vpn_settings.binary_user);
	g_free(connman_vpn_settings.binary_group);
	g_strfreev(connman_vpn_settings.binary_supplementary_groups);
	g_strfreev(connman_vpn_settings.system_binary_users);

	if (plugin_hash) {
		g_hash_table_destroy(plugin_hash);
		plugin_hash = NULL;
	}
}